The present invention relates to risk management, and more particularly to a method and system for automated risk management of rule-based security.
Maintaining the security of an organization's internal networks and data processing systems against unauthorized access, harmful attacks and the like can be extremely challenging. One means of preventing such unauthorized access and attacks is an access control device or system, such as a firewall or similar device. Access control systems, such as firewalls, protect sensitive or confidential data by restricting access to the data, and protect the networks, systems and devices within the confines of the firewall from various attacks and exploits. There may even be multiple firewalls within an organization's system to further limit access to systems and highly sensitive data to only those having a need for access and appropriate authorizations.
Firewalls or like devices or systems typically reside between a trusted or secure environment or network and an untrusted, unknown or insecure environment or network, such as the World Wide Web or the Internet. Access through a firewall, and authorized transmission of data or traffic through it, is typically managed by access rules explicitly defined in the firewall's rule base. The rules may specifically define which sources, destinations, services and the like are authorized or restricted. The sources, destinations and services associated with the rules can be extensive, with varying levels of security. Additionally, the level of security can change over time. Further, the access rules are typically based on industry standards, and these standards are constantly changing as new threats and problems arise. Accordingly, efficient, automated, user-friendly systems and processes for risk management of rule-based security related to access control systems, such as firewalls and similar devices or systems, are needed.
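As an added illustration of the kind of automated rule-base review the passage calls for (example code written for this page, not the system described by the patent), the following Python model scores each permit rule in a small, constructed firewall rule base against a few risk criteria: an "any" source, a destination broader than a /24, an "any" service, and services known to carry cleartext credentials. The rule set, the service list and the point weights are all assumptions chosen for the example; a real rule base, and the standards that define which services are risky, would supply these instead.

```python
"""Toy firewall rule-base risk assessment (added example, not the patent's system).

Each rule is a dict with source, destination, service and action. assess_rule_base()
scores every permit rule against a small set of risk criteria and returns the
findings highest-risk first, so a reviewer can prioritise which rules to revisit
as security requirements and industry standards change.
"""
import ipaddress

# Services that carry cleartext credentials or are commonly abused. The weights
# are assumptions chosen for this example, not values from any standard.
RISKY_SERVICES = {"telnet/23": 30, "ftp/21": 20, "smb/445": 25, "rdp/3389": 25}

# Constructed sample rule base, ordered as a firewall would evaluate it.
RULE_BASE = [
    {"id": 1, "src": "10.0.0.0/8", "dst": "10.1.2.3/32", "svc": "https/443", "action": "permit"},
    {"id": 2, "src": "0.0.0.0/0", "dst": "10.1.2.0/24", "svc": "any", "action": "permit"},
    {"id": 3, "src": "192.168.5.0/24", "dst": "10.1.9.9/32", "svc": "telnet/23", "action": "permit"},
    {"id": 4, "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "svc": "any", "action": "deny"},
]


def prefix_breadth(cidr):
    """Number of addresses a source/destination covers; 'any' means all of IPv4."""
    net = ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)
    return net.num_addresses


def score_rule(rule):
    """Score one rule: deny rules score 0, permit rules gain points per risk criterion."""
    if rule["action"] != "permit":
        return 0, []
    score, reasons = 0, []
    if prefix_breadth(rule["src"]) == 2 ** 32:
        score += 40
        reasons.append("source is any")
    if prefix_breadth(rule["dst"]) > 256:
        score += 15
        reasons.append("destination broader than a /24")
    if rule["svc"] == "any":
        score += 40
        reasons.append("service is any")
    elif rule["svc"] in RISKY_SERVICES:
        score += RISKY_SERVICES[rule["svc"]]
        reasons.append(f"risky service {rule['svc']}")
    return score, reasons


def assess_rule_base(rules, threshold=50):
    """Return findings for permit rules scoring at or above the threshold, highest first."""
    findings = []
    for rule in rules:
        score, reasons = score_rule(rule)
        if score >= threshold:
            findings.append({"id": rule["id"], "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in assess_rule_base(RULE_BASE):
        print(f"rule {f['id']}: score {f['score']} ({'; '.join(f['reasons'])})")
```

Lowering the threshold surfaces the telnet rule as well; raising the weight for a service in RISKY_SERVICES is the hook by which a changed standard would change the review outcome without touching the rule base itself.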